CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2023-47562 – Photo Station
https://notcve.org/view.php?id=CVE-2023-47562
02 Feb 2024 — An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a Photo Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados ejecutar comandos a través de una ... • https://www.qnap.com/en/security-advisory/qsa-24-08 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47561 – Photo Station
https://notcve.org/view.php?id=CVE-2023-47561
02 Feb 2024 — A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later Vulnerabilidad de Cross-Site Scripting (XSS) afecta a Photo Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados inyectar código malicioso a través de una red. Ya hemos soluciona... • https://www.qnap.com/en/security-advisory/qsa-24-08 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 94%CPEs: 11EXPL: 0CVE-2022-27593 – QNAP Photo Station Externally Controlled Reference Vulnerability
https://notcve.org/view.php?id=CVE-2022-27593
08 Sep 2022 — An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later Se ha informado una vulnerabilidad de re... • https://www.qnap.com/en/security-advisory/qsa-22-24 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44057 – Improper authentication in Photo Station
https://notcve.org/view.php?id=CVE-2021-44057
05 May 2022 — An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later Se ha informado de una vulnerabilidad de autenticación inapropiada que afecta al dispositivo ... • https://www.qnap.com/en/security-advisory/qsa-22-15 • CWE-287: Improper Authentication •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34356 – Stored XSS Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34356
01 Oct 2021 — A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes rem... • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34355 – Stored XSS Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34355
01 Oct 2021 — A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al NAS de QNAP que ... • https://www.qnap.com/en/security-advisory/qsa-21-42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34354 – Stored Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34354
01 Oct 2021 — A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes rem... • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2502 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2502
17 Feb 2021 — This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Station, permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Photo Station. Photo Station versiones 6.0.11 y posterior • https://www.qnap.com/en/security-advisory/qsa-21-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-2491 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2491
10 Dec 2020 — This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Stati... • https://www.qnap.com/en/security-advisory/qsa-20-15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19956
https://notcve.org/view.php?id=CVE-2018-19956
02 Nov 2020 — The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. Se ha reportado la vulnerabilidad de tipo cross-site scripting que afecta a versiones anteriores de Photo Station. • https://www.qnap.com/en/security-advisory/qsa-20-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •